In this section, we describe the operations in the second phase of our algorithm. Given the input regular chainF, we suppose at this stage that the exchange data has been computed previously. This means that we know a sequence Y0, . . . ,Ys in M∗coord(W), for W = V(Sat(F)), where Yi and Yi+1 differ by at most one element for alli.
Starting from a lifting fiber associated to the choice of algebraic variables Y0, we will now compute a sequence of lifting fibers associated to the algebraic variables Y1, . . . and finally output a lifting fiber associated to the set of algebraic variablesYs.
Theith step goes as follows. Suppose thatYiandYi+1 are such thatYi+1 =Yi−{Bi}∪
{Ai}, with Yi+1 6=Yi (if they coincide, there is nothing to do). Hence, Ai is a free variable at step i that becomes algebraic, and Bi is algebraic at step i and becomes free. Suppose also that we know a lifting fiber for Yi. First, we change the order in this lifting fiber, so that Bi becomes the smallest algebraic variable: this is done using a routine for change of order in dimension zero. Then, we lift the free variable Ai using Newton iteration, clean all denominators (if needed), and specialize Bi at a random value. Making all polynomials monic in the resulting regular chain yields the next lifting fiber.
As an illustration, consider the variety W given in the introduction, defined over the field K by the equations
P1−X12 = 0, P2−X22 = 0, S−X1X2 = 0.
The initial set of free variables is (X1, X2), with algebraic variables (S, P1, P2); the first lifting fiber is (X1 = 1, X2= 1), together with the zero-dimensional triangular set
the corresponding lifting fiber, the first operation consists in puttingP2 as last free variable in the previous lifting fiber. Here, this is a trivial computation, yielding
We then liftX2, using Newton’s iteration. Here again, the computation is trivial; we obtain
Finally, we specialize P2 at a “random” value, here 1, and rearrange the equations (making every equation monic again), to obtain a lifting fiber corresponding to the set of algebraic variables (S, P1, X2).
3.5. Changing the lifting fiber This section describes this process, gives a complexity analysis and quantifies the bad spe-cialization choices. Since the whole second step of our main algorithm essentially amounts to perform at most s times the variable exchange process just described, we concentrate on proving the following proposition.
Proposition 3.14. Let Y and Y′ be two sets of algebraic variables for W, such that Y′ = Y− {B} ∪ {A} holds. Suppose that a lifting fiber (z,Tz) for the set of algebraic variables Y is known, and write z= (z1, . . . , zr−1, a).
Then one can compute a lifting fiber (z′,Uz′) for the set of algebraic variables Y′ by a probabilistic algorithm, using
O (n4+nL)MT(W)M (degW)2
log(degW)
operations in K in case of success. The algorithm chooses two values values (a′, b) in K, letting in particular z′ = (z1, . . . , zr−1, b).
There exists a non-zero polynomial ∆exchange ∈ K[Z1, . . . , Zr−1, A′, B] of degree at most 2dn(3d2n+(6m+13m2)dn+m2), withm= max(n, d), such that if∆exchange(z1, . . . , zr−1, a′, b) is not zero, the algorithm succeeds.
Given the exchange data Y0, . . . ,Ys, applying successively this proposition to (Y0,Y1), . . . ,(Ys−1,Ys)
will easily yield the proof of our main theorem. Hence, the rest of this section is devoted to prove this proposition.
3.5.1 Setup and preliminaries
We first detail some preparatory steps for our algorithm, using the notation of Propo-sition 3.14. Let thus Y and Y′ be two bases of M∗coord(W), and let Z = X −Y and Z′ =X−Y′. We suppose thatY and Y′ differ by a single variable, so that we will write
Y= (B, Y2, . . . , Ys) and Y′ = (A, Y2, . . . , Ys), with A 6=B, or equivalently
Z= (Z1, . . . , Zr−1, A) and Z′ = (Z1, . . . , Zr−1, B).
Suppose finally that we know a lifting fiber in K[Y] for the input set of algebraic variables Y. First, we perform a change of order in dimension zero on this lifting fiber, to make it comply to the order given by
Z1 <· · ·< Zr−1 < A < B < Y2 <· · ·< Ys,
which we will call the input order. The cost of this operation is given in Subsection 3.2.2:
using the FGLM algorithm, it is at most n(degW)3 operations in K. Without loss of generality, we suppose from now on that the input lifting fiber (z,Tz) supports this order.
Accordingly, we let T = (T1, . . . , Ts) ⊂ K(Z)[Y] and R = (R1, . . . , Rs)∈ K[Z][Y] =K[X]
be the canonical representations associated to this order, coming from Proposition 3.1.
Chapter 3. Change of order for regular chains . . .
Let us write z as (z1, . . . , zr) ∈ Kr and let us define Z− = (Z1, . . . , Zr−1). In the com-putation to follow, all variables in Z− will be specialized at the value z−= (z1, . . . , zr−1)∈ Kr−1. Hence, we write T− for the triangular set in K(A)[Y] obtained by specializing Z− at z− in all coefficients of T; we also define R− as the family of polynomials in K[A,Y] = K[A, B, Y2, . . . , Ys] obtained by cleaning all denominators in T−. Observe that due to possible simplifications, R− does not have to coincide with the specialization of R at (z1, . . . , zr−1), see Lemma 3.11 below.
Since (z,Tz) is a lifting fiber for the input order, Newton iteration enables us to use it to recover T−. Proposition 3.6 shows that the complexity of this operation is
O (n4+nL)MT(W)M (degW)2
log(degW)
;
the algorithm chooses one random value a′ in the base field, and all choices except at most nd2n(n+ 16 logd+ 11) lead to success.
Knowing T−, we deduce R− by a least common multiple computation and some poly-nomial multiplications. To be precise, we write
T− = (T−,1, . . . , T−,s) and R− = (R−,1, . . . , R−,s),
with T−,i in K(A)[B, Y2, . . . , Yi] and R−,i in K[A, B, Y2, . . . , Yi]. For i ≤ s, we then let ℓi ∈ K[A] be the least common multiple of the denominators of the coefficients of T−,i; hence, R−,i = ℓiT−,i and ℓi is the initial of R−,i for the input order. The following lemma gives degree bounds for the polynomials in T− and R−; the cost of deducing R− from T− is given next.
Lemma 3.10. The polynomialℓi and all coefficients ofR−,ihave degree bounded by (degW) for i= 1, and 2(degW)2 for i= 2, . . . , s.
Proof: This is Theorem 2 in [32]. 2
Corollary 3.2. Suppose that T− is known. Then one can recover R− using O(n(degW)M (degW)2
log(degW)) operations in K.
Proof: Let us fix i≤ s. Since the least common multiple of two polynomials of degree d can be computed in O(M(d) log(d)) base field operations, in view of the previous lemma, the cost for computing ℓi is in
O diM (degW)2
log(degW) .
Then, deducingR−,irequiresd1· · ·di−1 multiplications inK[A] in degree at most 2(degW)2. Using the upper bounds d1· · ·di−1 ≤ degW and di ≤ degW, this shows that R−,i can be obtained in
O (degW)M (degW)2
log(degW)
base field operations. Summing over alli gives the result. 2 To conclude this paragraph, the next lemma makes the relation between the families R = (R1, . . . , Rs)⊂K[Z][Y] and R−= (R−,1, . . . , R−,s)⊂K[A][Y] more precise.
3.5. Changing the lifting fiber
dim. r · · · R∈K[Z][Y]
Z−←(z1,...,zr−1)
· · ·
...
dim. 1 · · · T− ∈K(A)[Y] R−∈K[A,Y]
Clean the denominators
B←b
· · ·
dim. 0 · · · Tz ∈K[Y]
Change of order
Lift A
Sz′ ∈K[Y′]
Inverse the initials
Uz′ ∈K[Y′]
Change of order
· · ·
Figure 3.3: Changing the lifting fiber from (z,Tz) to (z′,Uz′) Lemma 3.11. Fori= 1, . . . , s, there exists mi ∈K[A] such that the equality
Ri(z1, . . . , zr−1, A, B, Y2, . . . , Ys) = miR−,i
holds.
Proof: LetLi ∈K[Z1, . . . , Zr−1, A] be the least common multiple of the coefficients ofTi. Then ℓi divides Li(z1, . . . , zr−1, A), and the requested equality comes by lettingmi be their
quotient. 2
Corollary 3.3. Letx= (z1, . . . , zr−1, a, b, y2, . . . , ys)be inKn. Then if the point(a, b, y2, . . . , ys) is a root of R−, the point x is a root of R.
Proof: This is a direct consequence of Lemma 3.11. 2 Corollary 3.4. Let a be inK, such that no denominator of T vanishes at (z1, . . . , zr−1, a).
Then the triangular setT−is well-defined, andxis a root ofRif and only if(a, b, y2, . . . , ys) is a root of R−.
Proof: The first point is immediate. The second follows by using Lemma 3.11, and observ-ing that fori= 1, . . . , s,mi does not vanish at a, since it would imply that the denominator Li of Ti (using the notation of the proof of Lemma 3.11) vanishes at (z1, . . . , zr−1, a). 2
3.5.2 Finding the new lifting fiber
We now detail the main operations needed to obtain the lifting fiber for the new set of alge-braic variables Y′. As input, we take z−= (z1, . . . , zr−1)∈Kr−1 as well as the polynomials R− ∈K[A, B, Y2, . . . , Ys] obtained in the previous subsection.
Recall that we write Z′ = (Z1, . . . , Zr−1, B). Given a value b ∈ K, writing z′ = (z1, . . . , zr−1, b), we let Sz′ be the polynomials in K[A, Y2, . . . , Ys] = K[Y′] obtained by specializing B atb inR−. Defining thetarget order <′ by
Z1 <· · ·< Zr−1 < B < A < Y2 <· · ·< Ys,
we will now show that for most values b of B,Sz′ defines a lifting fiber for (F, h, <′), where F denotes our initial regular chain, and h is the product of its initials.
Chapter 3. Change of order for regular chains . . .
Proposition 3.15. There exists a non-zero polynomial Γ1 ∈ K[Z′] of degree at most dn(6d2n+ (9dn+ 2)m2), with m= max(n, d), such that, if Γ1(z′)6= 0, the following holds:
• Sz′ is a regular chain for the target order <′, and defines a radical ideal.
• Let Uz′ be the triangular set obtained by inverting all leading coefficients inSz′. Then (z′,Uz′) is a lifting fiber for (F, h, <′).
Furthermore, if the previous properties hold, Uz′ can be deduced from R− using O nM (degW)2
log(degW) operations in K.
Proof: By Proposition 3.3, there exists a non-zero polynomial ∆lift ∈ K[Z] of degree at most ndn(3dn+n+d), such that, forz= (z1, . . . , zr−1, a)∈Kr, if ∆lift(z) is not zero, then z is a lifting fiber for (F, h, <); in particular, z then satisfies conditions H1, H2, H3.
Lemma 3.12. If z′ does not belong to πZ′(V(R)∩V(∆lift)), then we have the equivalence (a, y2, . . . , ys)∈V(Sz′) ⇐⇒ (z1, . . . , zr−1, a, b, y2, . . . , ys)∈W.
Proof: Let x = (z1, . . . , zr−1, a, b, y2, . . . , ys) be in W. Since W is contained in V(R), by Corollary 3.4, (a, b, y2, . . . , ys) is a root of R−. In other words, (a, y2, . . . , ys) is a root ofSz′ Conversely, let (a, y2, . . . , ys) ∈ Ks be a root of Sz′ and let us define the point x = (z1, . . . , zr−1, a, b, y2, . . . , ys). By Corollary 3.4, x is a root of R, so by assumption, z = (z1, . . . , zr−1, a) does not cancel ∆lift. Hence, z satisfies conditions H1, H2 and H3 for the input order<. We deduce by Corollary 3.4 that xis a root of R. ConditionH2 then implies
that xis in W. 2
Lemma 3.13. If z′ does not belong to πZ′(V(R)∩V(∆lift)), then Sz′ is a regular chain in K[Y′].
Proof: Recall that we write R− = (R−,1, . . . , R−,s), where R1 is in K[A, B] and Ri is in K[A, B, Y2, . . . , Yi] for i > 1. Recall also that by construction, the initial ℓi of R−,i is the least common multiple of the denominators of the coefficients of Ti; in particular, it is in K[A]. By construction, the ith polynomial in Sz′ is R−.i(A, b, Y2, . . . , Ys), so for i > 1, its initial isℓi as well.
By assumption, none of the points inV(R−)∩V(B−b) cancels ∆lift. Hence, by definition of ∆lift, none of the denominators of Tvanishes onV(R−)∩V(B−b). This implies that no polynomialℓi vanishes on V(R−)∩V(B−b), that is, on V(Sz′). Hence, ℓi is a zero-divizor modulo the i−1 first polynomials in Sz′; by defintion, it is a regular chain. 2 Lemma 3.14. Let D ∈ K[Z′] be the resultant of R1 and ∂R1/∂A with respect to A. If z′ does not belong to πZ′(V(R)∩V(D∆lift)), then Sz′ defines a radical ideal in K[Y′].
Proof: Let (a, y2, . . . , ys) ∈ Ks be a root of Sz′, and let us write the polynomials of Sz′ as (Sz′,1, . . . , Sz′,s) ⊂ K[A, Y2, . . . , Ys]. We will prove that none of the partial derivatives
∂Sz′,1/∂A and ∂Sz′,i/∂Yi, for i >2, vanishes at (a, y2, . . . , ys), which is enough to conclude by the Jacobian criterion.
Let us define z= (z1, . . . , zr−1, a) and consider the triangular setTz ⊂K[B, Y2, . . . , Ys].
By assumption on z′, Tz is well-defined and generates a radical ideal in K[Y]. In other
3.5. Changing the lifting fiber words, none of the partial derivatives ∂Tz,i/∂Yi vanishes on the zero-set of Tz. Now, the point x = (z1, . . . , zr−1, a, b, y2, . . . , ys) ∈Kn is in the zero-set of Tz, and at this point, the values of the partial derivatives ∂Sz′,i/∂Yi and ∂Tz,i/∂Yi coincide, up to the non-zero factor ℓi(a). Hence, none of the partial derivatives∂Sz′,i/∂Yi is zero at (a, y2, . . . , ys) for i >2.
It remains to deal with the partial derivative ∂Sz′,1/∂A of the first polynomial Sz′,1. Since z− = (z1, . . . , zr−1) does not cancel the leading coefficient ofR1, ifD(z′) is not zero, then Lemma 3.11 shows that R−,1(z1, . . . , zr−1, A, b) = Sz′,1(A) has no multiple root, which
is what we wanted to prove. 2
We can now prove Proposition 3.15. Remark that the first polynomial R1 in R belongs to K[Z, B]. By the definition of R, it admits no factor in K[Z], and has total degree at most (degW). In particular, its resultant with ∆lift with respect to A is a non-zero polynomial C in K[Z1, . . . , Zr−1, B] = K[Z′]. All points z′ = (z1, . . . , zr−1, b) which belong toπZ′(V(R)∩V(∆lift)) cancel this resultant C, whose degree is at most (2 degWdeg ∆lift).
We continue by considering the resultant D appearing in the last lemma. Recall that the polynomial R1 ∈ K[Z1, . . . , Zr−1, A, B] defines the closure of πZ1,...,Zr−1,A,B(W). Then, R1 has non-zero degree in A, since otherwise Z′ = Z1, . . . , Zr−1, B would not be a set of free variables for W. Furthermore, R1 is irreducible in K[Z1, . . . , Zr−1, A, B]; hence, its discriminant D is non-zero, of degree at most 2(degR1)2. Using again Theorem 2 in [32], we get that the degree of R1 is upper-bounded by (degW), so that the degree of D is at most 2(degW)2.
To conclude the probability analysis, let ∆′lift ∈ K[Z′] be the polynomial associated by Proposition 3.3 to the projection πZ′, so that if ∆′lift(z′) is not zero, then z′ satisfies the lifting conditions H1, . . . ,H4 for the system (F, h, <′). We then take Γ1 =CD∆′lift, which is non-zero and of the requested degree. Then, if z′ does not cancel Γ1, z′ satisfies the lifting conditions. Besides, by the previous lemmas, the monic form Uz′ of Sz′ is a triangular set, defining a radical ideal, and having for zero-set {z′} ×Wz′; this implies that (z′,Uz′) is a lifting fiber for (F, h, <′).
The final part of the proof is the complexity analysis. As input, recall that we receive the polynomials R− in K[A, B, Y2, . . . , Ys] obtained in the previous subsection. The first step consists in specializing B at b in these polynomials: this can be done in time O(degW).
Next, we invert all initials ℓi ∈ K[A] modulo the univariate polynomial Sz′,1 ∈ K[A]. All initialsℓi have degree at most 2(degW)2 and can be inverted moduloSz′,1, so this operation takes O(nM((degW)2) log(degW)) operations in the base field. This finishes the proof of
Proposition 3.15. 2
3.5.3 Proof of Proposition 3.14
We conclude this section with the proof of Proposition 3.14 announced in the introduction of this section. The complexity estimate follows from taking the sum of all contributions seen previously in this section: using the fact that MT(W) is at least linear in degW, the dominant term comes from the lifting step of Subsection 3.5.1.
The probability analysis comes easily too: a first source of error is in the choice of a value a′ used to stop Newton’s iteration; the second one comes from the possibility that (z1, . . . , zr−1, b) cancels the polynomial Γ1 ∈K[Z1, . . . , Zr−1, B] of the previous proposition.
Since the values a′ that provoke error are in finite number, there is a non-zero polyno-mial Γ2 ∈ K[A′] having these values as roots. It then suffices to let ∆exchange = Γ1Γ2 ∈
Chapter 3. Change of order for regular chains . . .
K[Z1, . . . , Zr−1, A′, B]; the degree bound comes easily after a few simplifications.